FreeScout Help Desk Vulnerability Exposes Hidden Conversation Drafts

The National Vulnerability Database (NVD) has detailed CVE-2026-41190, a high-severity vulnerability (CVSS 7.1) affecting FreeScout, a popular self-hosted help desk solution. Prior to version 1.8.215, FreeScout’s APP_SHOW_ONLY_ASSIGNED_CONVERSATIONS setting, intended to restrict user access to conversations, had a critical bypass. While direct UI access was correctly blocked for unauthorized users, the save_draft AJAX endpoint did not enforce these same restrictions.

This flaw allowed a low-privileged authenticated user to directly POST to the save_draft path and create drafts within conversations they were not authorized to view. Although these drafts remained hidden from the unauthorized user’s UI, they were successfully created within the restricted conversation. This constitutes a significant information integrity and confidentiality risk, as sensitive internal communications could be silently infiltrated or manipulated.

Defenders leveraging FreeScout must prioritize patching to version 1.8.215 immediately. This vulnerability, categorized as CWE-863 (Improper Authorization), highlights a common pitfall in access control implementations: inconsistent enforcement across different application layers and API endpoints. Always assume that UI restrictions can be bypassed by direct API calls if not robustly secured at the backend.

What This Means For You

  • If your organization uses FreeScout as a help desk or shared mailbox, you are exposed. This vulnerability (CVE-2026-41190) allows unauthorized users to inject content into private conversations. Patch to FreeScout version 1.8.215 immediately. After patching, audit conversation logs for any suspicious or unassigned draft entries created by unauthorized users.
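The inconsistent-enforcement pitfall and the post-patch audit above, as an added example that is not FreeScout's own code: a small model in which one authorization gate is shared by every entry point, the pre-fix draft handler skips it, the fixed handler calls it, and the same gate is reused to flag drafts written by users who could not see the conversation. The record shapes, the user/conversation fields and the rule "non-admins only see conversations assigned to them" are assumptions of this model, not FreeScout's schema.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed records; field names are assumptions, not FreeScout's schema.
@dataclass(frozen=True)
class User:
    id: int
    is_admin: bool = False

@dataclass(frozen=True)
class Conversation:
    id: int
    assignee_id: Optional[int]  # None means unassigned

@dataclass(frozen=True)
class Draft:
    conversation_id: int
    author_id: int
    body: str

def can_access_conversation(user: User, conv: Conversation, show_only_assigned: bool) -> bool:
    """Single authorization gate. Every entry point (UI page, AJAX, API) must call this.
    Assumed semantics of the setting: admins always pass; when the setting is on,
    a non-admin passes only for conversations assigned to them."""
    if user.is_admin or not show_only_assigned:
        return True
    return conv.assignee_id == user.id

def save_draft_vulnerable(user: User, conv: Conversation, body: str, store: List[Draft]) -> bool:
    # Pre-1.8.215 pattern as the advisory describes it: the endpoint relies on the UI
    # having filtered what the user can reach, so it never re-checks authorization.
    store.append(Draft(conv.id, user.id, body))
    return True

def save_draft_fixed(user: User, conv: Conversation, body: str,
                     store: List[Draft], show_only_assigned: bool) -> bool:
    # Enforce the same gate at the endpoint; a real controller would return HTTP 403.
    if not can_access_conversation(user, conv, show_only_assigned):
        return False
    store.append(Draft(conv.id, user.id, body))
    return True

def audit_drafts(drafts: List[Draft], conversations: List[Conversation],
                 users: List[User], show_only_assigned: bool) -> List[Draft]:
    """Post-patch audit: return drafts whose author fails the gate for that conversation."""
    convs = {c.id: c for c in conversations}
    people = {u.id: u for u in users}
    return [d for d in drafts
            if not can_access_conversation(people[d.author_id], convs[d.conversation_id],
                                           show_only_assigned)]
```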

Source & Attribution

Source platform: NVD
Channel: National Vulnerability Database
Published: April 21, 2026 at 20:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
